Educause Security Discussion mailing list archives

Re: Questions about Firewall Exceptions

From: Brenda B Gombosky <brenda.gombosky () LOUISVILLE EDU>
Date: Thu, 15 Mar 2007 15:42:11 -0400

 
 
Brenda B. Gombosky, CISSP, CHSP
Director, Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689

"Greg T. Grimes" <gtg4 () MSSTATE EDU> 3/14/2007 5:33 PM >>>

I have a few questions about how everyone handles firewall exceptions.  I 
know everyone won't have the same settup as we do, but MSU is looking to 
have a formal authorization process for exceptions.  Thanks in advance.

1.  Who manages your firewalls?  Central IT, Department IT?
 
Central IT

2.  Do you you require approval for an exception in a firewall for a 
network?
 
Yes


  a.  If so, who approves?
 
Designated security staff 


  b.  What is the approval process?
 
All approvals are approved, any questionable requests are sent to me for final approval as Director
 
Requests must be in by Wednesday Noon - to be done during PM hours (Friday evenings)
Emergencies must be approved via Dean/Dept head before being sent - final approval by Director (me)

  c.  Do you use a form?
 
Yes - online

3.  What exceptions do you allow or disallow?

Varied
Again, thank you in advance for your responses.  Have a great day.

-- 
Greg T. Grimes
Systems Programmer
ITS -- Network Services
Mississippi State University
greg () its msstate edu

Current thread:

Questions about Firewall Exceptions Greg T. Grimes (Mar 14)
- <Possible follow-ups>
- Re: Questions about Firewall Exceptions Michael Hornung (Mar 14)
- Re: Questions about Firewall Exceptions Randy Marchany (Mar 14)
- Re: Questions about Firewall Exceptions Matthew Keller (Mar 15)
- Re: Questions about Firewall Exceptions Gary Flynn (Mar 15)
- Re: Questions about Firewall Exceptions Brenda B Gombosky (Mar 15)
- Re: Questions about Firewall Exceptions Greg T. Grimes (Mar 19)